Creating a Trust Point CA Association
Detailed Steps
To create a trust point CA association, follow these steps:
- Expand Switches > Security, and then select PKI in the Physical Attributes pane.
- Click the Trust Point tab in the Information Pane.
- Click Create Row.
- Select the switch for which you are creating the trust point CA from the Switch drop-down menu.
- Assign a name to the trust point CA.
- Select the name of the key pair to associate with this trust point for enrollment. This is the key pair generated earlier in the "Generating an RSA Key Pair" topic. Only one RSA key pair can be specified per CA.
- From the RevokeCheckMethod drop-down menu, select the certificate revocation method that you would like to use. You can use CRL, OCSP, CRL OCSP, or OCSP CRL to check for certificate revocation.
The CRL OCSP option first checks for the certificate in the locally stored CRL. If the certificate is not found there, the switch uses OCSP to check for revocation at the URL specified in Step 7.
- Enter the OCSP URL if you selected an OCSP certificate revocation method.
Note: The OCSP URL must be configured before configuring the revocation checking method.
- Click Create to successfully create the trust point CA.
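The ordering behind the RevokeCheckMethod values and the OCSP URL prerequisite, modelled in Python as an added example (not Cisco code and not the switch's implementation). The function names, serial numbers and responder stub are constructed for illustration, and the OCSP CRL order is assumed to mirror the CRL OCSP behaviour described above.

```python
# Added illustration: a model of the page's RevokeCheckMethod ordering.
# Not Cisco code; names, serials and the responder stub are constructed.

# RevokeCheckMethod values from the page, mapped to the order of checks.
METHODS = {
    "CRL": ["crl"],
    "OCSP": ["ocsp"],
    "CRL OCSP": ["crl", "ocsp"],
    "OCSP CRL": ["ocsp", "crl"],  # assumed to mirror CRL OCSP
}


def validate_trust_point(name, key_pairs, method, ocsp_url=None):
    """Return the problems in a planned trust point row (empty list = OK)."""
    problems = []
    if not name:
        problems.append("trust point CA needs a name")
    if len(key_pairs) != 1:
        problems.append("exactly one RSA key pair per CA")
    if method not in METHODS:
        problems.append("unknown RevokeCheckMethod: %r" % method)
    elif "ocsp" in METHODS[method] and not ocsp_url:
        problems.append("OCSP URL must be set before the revocation method")
    return problems


def check_revocation(serial, method, local_crl, ocsp_lookup):
    """Run the checks in configured order; return (status, deciding source)."""
    source = None
    for source in METHODS[method]:
        if source == "crl":
            revoked = serial in local_crl
        else:
            revoked = ocsp_lookup(serial) == "revoked"
        if revoked:
            return "revoked", source
    return "good", source


# Constructed sample data: the stored CRL is stale and misses serial 1F.
LOCAL_CRL = {"0A"}
OCSP_CALLS = []


def fake_ocsp(serial):
    """Stand-in for the responder at the configured OCSP URL."""
    OCSP_CALLS.append(serial)
    return "revoked" if serial in {"0A", "1F"} else "good"
```

With the stale CRL in the sample data, CRL alone reports serial 1F as good, while CRL OCSP catches it through the responder.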
Copyright 2010-2013, Cisco Systems, Inc. All rights reserved.